In what circumstances should an IT Consultant encrypt their hard drive to protect their code and the data of their clients?

I am thinking that if it does not add much to your workload you might as well use full disc encryption with a 'weak' password to at least prevent someone from accessing your email files and other documents if your laptop is stolen, even if they will not get access to any database files or other very sensitive data.

You can also use something like TrueCrypt to create encrypted volumes. So rather than encrypting the entire drive, it creates 'virtual' drives that you can use to store sensitive information. I do that for my source code & docs on my laptop, should it be stolen.
– GrandmasterB Sep 29 '10 at 6:37

Unfortunately encrypted volumes are considerably easier to break than full disk encryption, which usually requires something like the Evil Maid attack (schneier.com/blog/archives/2009/10/evil_maid_attac.html) as there is far too often data pertinent to the volume key in memory or temporary space! Check your implementation well if the data on your laptop is highly sensitive!
– Rory Alsop Dec 4 '10 at 13:49

@Rory Alsop: Encrypted volumes are IMO a reasonable tradeoff between security and usability - portable (e.g. a 200 MB TC volume on Dropbox), useful for data that's not really secret (but which you wouldn't want to be completely public). In other words, slightly better than no encryption at all - which can be enough for some scenarios.
– Piskvor Dec 6 '10 at 9:54

3 Answers

I agree that full-disc encryption is good, especially if you have sensitive data on your laptop (you probably do). So, with the new laptop models being plenty fast, I'd say "always".

That said, there are caveats:

if you forget your password, this means all your data are as good as gone (until you remember the password again).

(corollary: any encryption solution that has a "recover password" option is likely snake oil, not encryption)

weak passwords == no protection (your cow-orkers probably won't try to break into your computer, but a stolen laptop's data could be worth some money; plus, pass-phrases are quite strong and easy to remember)

the full-disk encryption could make sleep mode/hibernation impractical, if not impossible (check the product you plan to use)

some data may be accessible from additional locations (e.g. your e-mails may be stored on a server, with a copy stored locally in your computer)

full-disc encryption is not magical pixie dust - it doesn't provide security against other attack vectors, you still need to address those separately (backups, antivirus, firewall, phishing protection, social engineering, rubber hose cryptanalysis)

Note that encryption should not be seen as a way of securing the data forever from anyone - its goal is just to delay an attacker long enough to make the attack uninteresting. With strong encryption, it should take years before the attacker gets to the data by brute force, at which point the data is so old that it's useless. Although the National Security Agency (or similarly powerful entity) can probably crack the encryption much faster (as it can throw enormous amounts of computing power at it), full-disk crypto is still good protection against anyone else cracking it (e.g. your competitors or a random thief).

As a bonus, encryption eliminates casual snooping: if you forget your (powered-off) laptop somewhere, an almost-honest person might decide to browse through your files before returning it to you, just out of curiosity. There's a proverb that says "most locks are made to keep honest people honest"; strong locks will do that, and also keep the really malicious people out for long enough.

One thing that happened to me when contracting for a financial company: My company-issued laptop was full-disc-encrypted, when a software install screwed it up so it wouldn't boot. So there was no way to access anything on it from Windows, since it wouldn't boot, or independently, because it was encrypted, and the IT folks couldn't figure out any way to get the data off. There was a requirement that any laptop or disc pulled out needed to have all the data archived, so they couldn't just wipe and restore. I don't know how they resolved it.
– David Thornley Oct 8 '10 at 16:06

@David Thornley: Alas, S**t Happens. The company had a backup policy, I would presume? (and IMHO the end user would not be very often installing a software that needs to mess with the bootloader and/or system internals so deeply that it could mess them up, which should rank this somewhere in the vicinity of a drive failure: not uncommon, but not really an everyday occurrence; something to include in your recovery plans. (I'm also assuming you were not running as a privileged user in day-to-day operation))?
– Piskvor Apr 4 '11 at 15:30

I wasn't doing the install; that was a system-pushed thing one night, and it probably was running as administrator, and back in those days developers ran as administrator as a matter of course. The software being installed was, IIRC, a version of Visual Studio, which is normally a fairly harmless install, but obviously something got screwed up. There was no valuable data on the laptop, everything being pre-installed utilities, and my actual work was done on another box. If it hadn't been for the regulations, IT could have wiped and re-imaged and all would have been fine.
– David Thornley Feb 14 '12 at 17:07

1: "weak" passwords aren't an actual issue. Folks don't come around to offices and brute force their way into machines. The real issue is: 1) social engineering, or 2) Keyboard loggers; both of which render a "strong" password useless. Teach your IT department's less technical folks about those two things, how to spot them, and how to handle them, and you'll have no problems.

2: If somebody gets your encrypted disc in their hands, it won't matter that it's encrypted. They can get the data. It's just a matter of how much the data is worth to them. If you're protecting nuclear codes or Google's search algorithm, I'd go for armed guards and forget drive encryption.

Re point 2: While anything can be brute-forced, that doesn't mean that it can be brute-forced within 10 years. That's plenty of time for the data to become outdated and uninteresting. (NSA may crack your data faster, but the self-proclaimed industrial-espionage expert (actually a thief who just happened to steal your disk) will throw up his hands in frustration and give up - which is the point.) As to point 1, three words: defense in depth. I have locks on car doors; that doesn't mean I'll leave the ignition key in - there are multiple risks, and the protections need to complement each other.
– Piskvor Sep 29 '10 at 6:17

I agree with Piskvor on this - brute forcing full disk encryption is likely to be impractical in a usable timeframe. If something is that valuable they will go for physical intimidation/torture etc - which is why if it is that valuable you also provide physical security in addition to the disk encryption. It is a serious deterrent.
– Rory Alsop Dec 4 '10 at 13:52

@Piskvor @Rory Alsop - good point. I guess I just see full drive encryption as such a detriment that it better be foolproof before I waste the time on it. But, if what I'm protecting is very valuable, it's worth spending extra effort to make it even a little harder to get.
– orokusaki Dec 5 '10 at 23:18

Yup. Yet, not a month has passed this year without some company losing an unencrypted laptop with sensitive data (examples are plentiful, search the news for a recent one - those I'd provide in I/2011 might already be forgotten when you read this).
– Piskvor Apr 4 '11 at 15:33

@Pan - There are robbers out there. However, I don't put all my belongings into a safe, just the most important ones (passport, gold, etc). Instead, I have security to help prevent somebody getting access to all my belongings. This saves me from the side effect overhead of having to go into the safe to get a cup out when I want water, or pants when I get dressed in the morning. I use a hard to guess password to lock the safe, so the things I care about the most are less likely to get stolen.
– orokusaki Apr 4 '11 at 16:04

Frankly, I don't think there's any excuse for not using FDE. I have used it in my laptop for years, with practically no issues.

I use LUKS encryption, which is part of Debian (the installer will even set it up for you).

To address the concerns in other answers:

"if you forget your password, this means all your data are as good as gone": True, but this only means you need to keep your password written down in a safe place (or good memory). Forgetting is not much of an issue, because you have to type it in every time you boot.

"the full-disk encryption could make sleep mode/hibernation impractical": No problem. Sleep is unaffected, because RAM contents are preserved. Hibernation works out of the box, and hibernates to an encrypted swap partition.

"reduces performance": This is true, but the impact is minimal in normal operation. It is only noticeable if both I/O and CPU are maxed out. The only situation I notice is during video encoding, and even then the overhead is only about 10%.

"any encryption can be cracked": Unlikely - if you choose a strong passphrase (i.e. one generated by a program), there is (in the foreseeable future) no way to brute-force it.

In my opinion, a laptop with any kind of even mildly private information should always use FDE. Laptops are too easily lost or stolen.
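The answers above contrast weak passwords with program-generated passphrases and multi-year brute-force times; the following added example (not code from any of the posts) generates a passphrase with a CSPRNG and estimates the expected search time per secret style. The word list is a constructed sample, and the guess rate and all function names are assumptions for illustration.

```python
import math
import secrets

# Constructed 16-word sample list for the demo; a real generator would load a
# large list such as the 7776-word EFF diceware list.
SAMPLE_WORDS = [
    "anchor", "basil", "cobalt", "drift", "ember", "fjord", "garnet", "harbor",
    "ivory", "juniper", "kettle", "lantern", "meadow", "nickel", "orchid", "pebble",
]
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def generate_passphrase(words, count):
    """Pick `count` words uniformly at random using the OS CSPRNG."""
    if len(set(words)) != len(words):
        raise ValueError("duplicate words would overstate the entropy")
    return " ".join(secrets.choice(words) for _ in range(count))


def entropy_bits(pool_size, length):
    """Entropy of `length` independent, uniform picks from `pool_size` symbols."""
    return length * math.log2(pool_size)


def years_to_search(bits, guesses_per_second):
    """Expected years to find the secret: half the keyspace at a fixed rate."""
    return (2 ** bits / 2) / guesses_per_second / SECONDS_PER_YEAR


def compare(guesses_per_second):
    """Return {label: (entropy bits, expected years)} for three secret styles."""
    styles = {
        # Upper bound: assumes the letters are truly random, which
        # human-chosen passwords are not.
        "8 random lowercase letters": entropy_bits(26, 8),
        "4 words from a 7776-word list": entropy_bits(7776, 4),
        "6 words from a 7776-word list": entropy_bits(7776, 6),
    }
    return {label: (round(bits, 1), years_to_search(bits, guesses_per_second))
            for label, bits in styles.items()}


if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS, 6))
    # Assumed guess rate; the real figure depends on the key-derivation cost.
    for label, (bits, years) in compare(guesses_per_second=1_000_000).items():
        print(f"{label}: {bits} bits, ~{years:.3g} years")
```

The 16-word sample list gives only 4 bits per word, so the entropy figures in `compare` describe a full 7776-word list, not passphrases drawn from `SAMPLE_WORDS`.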